I work in the product based company where Customer implementation includes the Custom java development with maven dependencies from the product
- Once the customer develops the code they are going to publish the code and jar via support ticket
- As engineering we will manually review the source code and manually run the sonar lint for the issues
Now if I want to automate the process of the review the source code I planing to develop one web service to accept the source code from customer in turn app will run the sonar lint and if no issues will approve the code
now the final question is that do we have the Java library from sonar lint where it actually execute and generate the report
Hello, welcome to the community! And thank you for your question.
It is not clear to me what you are trying to achieve.
SonarLint is an IDE extension that is meant to report issues on the fly as you code. It does not generate a “report”, but instead it highlights issues directly in your editor.
If what you’re looking for is to automate some of the code review for the customer-developed code, you might want to have a look into SonarQube or SonarCloud instead.
The easiest way I can think of is that you create a Git repository to which the customer will push, and setup a continuous integration system to launch the SonarQube/SonarCloud scan on each push.
Depending on where you create this Git repository, you might even be able to use pull/merge request integration so that analysis results appear as comments in the repository, and quality gate status allows or blocks the merge action.
Can I run a report for the maven project from another java code
Java project: Custom-java project
Purpose: Custom code developed by our customer
Java project: Reviewer
Purpose: which will generate the report for above code Custom-java project
We wanted to generate the report java by making some api calls provided by the you guys
do you have such thing like we create EC2 instances with aws compute SDK library
I still don’t see what you are trying to achieve, sorry.
Do you have a SonarQube server or SonarCloud subscription on which you are analyzing the code for these projects?
Why are you trying to use a “reviewer” project to analyze the other project? Why not just analyze the “customer” project on its own?